MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38966308974a1973a0ff01395612965813e52cd3c4929e11b32027a5dd461dd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



QuakBot


Vendor detections: 7



SHA256 hash: 38966308974a1973a0ff01395612965813e52cd3c4929e11b32027a5dd461dd9
SHA3-384 hash: 45233ae8196e3b2f4833048daefad52d3aceecbb98cb87bac95f876f60b5f509c14e8ed4ccbc8f30e2aaa959c0b7288f
SHA1 hash: 59104526688f2c7f22656c1df08359f04d4bf654
MD5 hash: ca293c0607fad1c23a40e8324c5bd686
humanhash: king-victor-spaghetti-foxtrot
File name: 38966308974a1973a0ff01395612965813e52cd3c4929e11b32027a5dd461dd9
Signature: QuakBot
File size: 271'872 bytes
First seen: 2020-11-11 11:31:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 015974618e9105226f001019d35e62e5 (1'506 x Quakbot)
ssdeep: 6144:DLfhdM/bXZswyIyO6t0nh7lqoDKOAP4PshaoA:nvKbXWNmVHelmEaoA
TLSH: 9544F22324749436F81607FA4DA6D6B10D6E7828AE3145CF2FC95308472E9F28F767DA
Reporter: seifreed
Tags: Quakbot

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Launching a process
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.PinkSbot
Status: Malicious
First seen: 2020-11-11 11:36:25 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:qakbot banker stealer trojan
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Qakbot/Qbot
Unpacked files
SHA256 hash: 38966308974a1973a0ff01395612965813e52cd3c4929e11b32027a5dd461dd9
MD5 hash: ca293c0607fad1c23a40e8324c5bd686
SHA1 hash: 59104526688f2c7f22656c1df08359f04d4bf654

SHA256 hash: f7477b480cf090068db5f4b3d89bb2c0ae1350658298b7b4dc23de26f415d184
MD5 hash: f290b3c52bb65d2dd909a1934df41351
SHA1 hash: 8c05df0f5c5d42d360e02be09b0c94fe78906715
Detections: win_qakbot_g0 win_qakbot_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
